CVE-2015-2213

EPSS 21.2%

wordpress - security update

Published: 11/9/2015Modified: 5/27/2026

Also known as:DEBIAN-CVE-2015-2213

Description

SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.

Affected packages (4)

Debian/wordpressfrom 0, < 4.2.4+dfsg-1
Debian/wordpressfrom 0, < 3.6.1+dfsg-1~deb6u7
Debian/wordpressfrom 0, < 4.1+dfsg-1+deb8u4
Debian/wordpressfrom 0, < 3.6.1+dfsg-1~deb7u8

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-2213